How to use cURL to send Cookies?

rest session curl flask session-cookies

583,593

Solution 1

This worked for me:

curl -v --cookie "USER_TOKEN=Yes" http://127.0.0.1:5000/

I could see the value in backend using

print(request.cookies)

Solution 2

You can refer to https://curl.haxx.se/docs/http-cookies.html for a complete tutorial of how to work with cookies. You can use

curl -c /path/to/cookiefile http://yourhost/

to write to a cookie file and start engine and to use cookie you can use

curl -b /path/to/cookiefile  http://yourhost/

to read cookies from and start the cookie engine, or if it isn't a file it will pass on the given string.

Solution 3

You are using a wrong format in your cookie file. As curl documentation states, it uses an old Netscape cookie file format, which is different from the format used by web browsers. If you need to create a curl cookie file manually, this post should help you. In your example the file should contain following line

127.0.0.1   FALSE   /   FALSE   0   USER_TOKEN  in

having 7 TAB-separated fields meaning domain, tailmatch, path, secure, expires, name, value.

Solution 4

If you have made that request in your application already, and see it logged in Google Dev Tools, you can use the copy cURL command from the context menu when right-clicking on the request in the network tab. Copy -> Copy as cURL. It will contain all headers, cookies, etc..

Solution 5

curl -H @<header_file> <host>

Since curl 7.55 headers from file are supported with @<file>

echo 'Cookie: USER_TOKEN=Yes' > /tmp/cookie

curl -H @/tmp/cookie <host>

docs & commit

View more solutions

583,593

Author by

daydreamer

Hello Viewer, Some of the places to see my work are BonsaiiLabs My Website

Updated on December 03, 2021

Comments

daydreamer over 2 years

I read that Send cookies with curl works, but not for me.

I have a REST endpoint as:

class LoginResource(restful.Resource):
    def get(self):
        print(session)
        if 'USER_TOKEN' in session:
            return 'OK'
        return 'not authorized', 401

When I try to access as:

curl -v -b ~/Downloads/cookies.txt -c ~/Downloads/cookies.txt http://127.0.0.1:5000/
* About to connect() to 127.0.0.1 port 5000 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.27.0
> Host: 127.0.0.1:5000
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 401 UNAUTHORIZED
< Content-Type: application/json
< Content-Length: 16
< Server: Werkzeug/0.8.3 Python/2.7.2
< Date: Sun, 14 Apr 2013 04:45:45 GMT
<
* Closing connection #0
"not authorized"%

Where my ~/Downloads/cookies.txt is:

cat ~/Downloads/cookies.txt
USER_TOKEN=in

and the server receives nothing:

127.0.0.1 - - [13/Apr/2013 21:43:52] "GET / HTTP/1.1" 401 -
127.0.0.1 - - [13/Apr/2013 21:45:30] "GET / HTTP/1.1" 401 -
<SecureCookieSession {}>
<SecureCookieSession {}>
127.0.0.1 - - [13/Apr/2013 21:45:45] "GET / HTTP/1.1" 401 -

What is that I am missing?

matts1 about 10 years

As long as you never, ever have a boolean for a user token as a cookie, given that they can just authenticate themselves without logging in that way.
ryenus over 9 years

According to the man page, for option -b, --cookie, e.g. curl -b <file-or-pairs>, if the argument is a string having the '=' symbol, it's passed as is, otherwise it's treated as a filename to read cookie from.
m3nda almost 9 years

Yes, this is the cURL cookie format. These are TABS and not SPACES.
nhed almost 8 years

IMO you did not enhance on the official doc which is clear as mud - beside the overloading of the -b flag what is the essential diff between -c & -b they both start the engine and point to a cookie file?
Madbreaks over 7 years

@nhed -c writes to the cookie file, -b reads from it. So when sending credentials for a login form you would specify -c to write the resulting cookie to a file, then you would use -b to read from and include the cookie in your next request.
LinuxDisciple over 7 years

Or do curl -b cookiefile -c cookiefile https://yourhost/ to read and write to the same cookie store like browsers do.
Admin almost 7 years

multiple cookies can be set with semicolons --cookie "key1=val1;key2=val2;..."
Valber over 5 years

This should be marked as the official answer, since this truly addresses the point as to why @daydreamer's setup was failing.
Sahbi over 3 years

~ is not expanded to $HOME if it's put within quotes, in which case it will be treated as a literal tilde. ;]
JSuar almost 3 years

This solution is much easier if the cookie you need is already available via a browser. +1
tharinduwijewardane almost 3 years

For sending multiple cookies, I had to put a space after ; (I am using a mac) Eg: --cookie "key1=val1; key2=val2"